diff --git a/changelogs/fragments/20241129-ec2_security_group-fix-issue-with-with-mode.yaml b/changelogs/fragments/20241129-ec2_security_group-fix-issue-with-with-mode.yaml
new file mode 100644
index 0000000000..07873359bd
--- /dev/null
+++ b/changelogs/fragments/20241129-ec2_security_group-fix-issue-with-with-mode.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - ec2_security_group - Fix the diff mode issue when creating a security group containing a rule with a managed prefix list (https://github.com/ansible-collections/amazon.aws/issues/2373).
\ No newline at end of file
diff --git a/plugins/modules/ec2_security_group.py b/plugins/modules/ec2_security_group.py
index d20e684351..4971721af9 100644
--- a/plugins/modules/ec2_security_group.py
+++ b/plugins/modules/ec2_security_group.py
@@ -1336,19 +1336,31 @@ def get_final_rules(client, module, security_group_rules, specified_rules, purge
 elif rule.get("from_port") or rule.get("to_port"):
 format_rule["from_port"] = rule.get("from_port", rule.get("to_port"))
 format_rule["to_port"] = rule.get("to_port", rule.get("from_port"))
- for source_type in ("cidr_ip", "cidr_ipv6", "prefix_list_id"):
+ for source_type in ("cidr_ip", "cidr_ipv6"):
 if rule.get(source_type):
 rule_key = {
 "cidr_ip": "ip_ranges",
 "cidr_ipv6": "ipv6_ranges",
- "prefix_list_id": "prefix_list_ids",
 }.get(source_type)
+ if not isinstance(rule[source_type], list):
+ rule[source_type] = [rule[source_type]]
 if rule.get("rule_desc"):
- format_rule[rule_key] = [{source_type: rule[source_type], "description": rule["rule_desc"]}]
+ format_rule[rule_key] = [
+ {source_type: target, "description": rule["rule_desc"]} for target in rule[source_type]
+ ]
 else:
- if not isinstance(rule[source_type], list):
- rule[source_type] = [rule[source_type]]
 format_rule[rule_key] = [{source_type: target} for target in rule[source_type]]
+ # Prefix list (ansible option is 'ip_prefix')
+ if rule.get("ip_prefix"):
+ ip_prefix = rule["ip_prefix"]
+ if not isinstance(ip_prefix, list):
+ ip_prefix = [ip_prefix]
+ if rule.get("rule_desc"):
+ format_rule["prefix_list_ids"] = [
+ {"prefix_list_id": i, "description": rule["rule_desc"]} for i in ip_prefix
+ ]
+ else:
+ format_rule["prefix_list_ids"] = [{"prefix_list_id": i} for i in ip_prefix]
 if rule.get("group_id") or rule.get("group_name"):
 # XXX bug - doesn't cope with a list of ids/names
 rule_sg = group_exists(
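Review bot: The CIDR loop still rewrites the caller's rule dict in place (`rule[source_type] = [rule[source_type]]`, now hoisted above the `rule_desc` check), while the new prefix-list block normalizes into a local `ip_prefix` and leaves the rule untouched; the two branches should take the same approach, and the local form avoids mutating the `specified_rules` entry, which presumably is what the module later compares or reports in diff mode. Normalizing into a local also lets the per-iteration dict literal used for `rule_key` become part of the loop tuple instead of being rebuilt on every pass. The rewritten loop is below; the prefix-list block and the `group_id`/`group_name` lookup are unchanged. `get_final_rules` starts before the hunk and its body continues after the `group_exists(` call.
```python
for source_type, rule_key in (("cidr_ip", "ip_ranges"), ("cidr_ipv6", "ipv6_ranges")):
    if not rule.get(source_type):
        continue
    # Normalize into a local so the caller's rule dict is not rewritten in place.
    targets = rule[source_type] if isinstance(rule[source_type], list) else [rule[source_type]]
    if rule.get("rule_desc"):
        format_rule[rule_key] = [{source_type: target, "description": rule["rule_desc"]} for target in targets]
    else:
        format_rule[rule_key] = [{source_type: target} for target in targets]
# … unchanged: prefix list handling and group_id/group_name lookup …
```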